Vulnerability — CVE-2021-25117

CVE-2021-25117

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-25117
Description:: The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled.
Last updated date:: 01/19/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/19/2024
Reference url to background: https://wpscan.com/vulnerability/d2d9a789-edae-4ae1-92af-e6132db7efcd/